diff --git a/malware5.pl b/malware5.pl
index 9cf4f07..4646843 100644
--- a/malware5.pl
+++ b/malware5.pl
@@ -405,7 +405,8 @@ my @regexen = (
     qr/<\?php\s+function\s+http\_get\(\$url\)\{.+?\/wp\-includes\/wp\-footer\.php.+?\/wp\-admin\/shapes\.php.+?https\:\/\/hastebin\.com\/raw\/.+?fclose\(\$op3\)\;\s+\?>/is,
     qr/<\?php\s+function\s+http\_get\(\$url\)\{.+?\/wp\-includes\/wp\-footer\.php.+?\/wp\-admin\/shapes\.php.+?https\:\/\/pastebin\.com\/raw\/.+?\?>/is,
     qr/<\?php\s+if\(\$\_POST\[\'Copy\'\]\)\{\s+\$\_\=\"b\"\/\*\*\/\.\"ase64\_decode\"\;\s+preg\_replace\(\"\/\^\/e\"\,\$\_\(\".+?\"\)\,0\)\;\s+\}\s+\?>/is,
-    
+    qr/<\?php\s+\$this\->zipname\s+\=\s+\$p\_zipname\;.+?\$archive\s+\=\s+new\s+PclZip\(\"orppxie\.zip\"\)\;.+?else\s+\{\s+die\(\"1425756856\"\)\;\s+\}/is,
+        
 
 
 
diff --git a/malwaresh.pl b/malwaresh.pl
index 1157799..af91235 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -888,6 +888,7 @@ my @regexen = (
     qr/<\?php\s+function\s+http\_get\(\$url\)\{.+?\/wp\-includes\/wp\-footer\.php.+?\/wp\-admin\/shapes\.php.+?https\:\/\/hastebin\.com\/raw\/.+?fclose\(\$op3\)\;\s+\?>/is,
     qr/<\?php\s+function\s+http\_get\(\$url\)\{.+?\/wp\-includes\/wp\-footer\.php.+?\/wp\-admin\/shapes\.php.+?https\:\/\/pastebin\.com\/raw\/.+?\?>/is,
     qr/<\?php\s+if\(\$\_POST\[\'Copy\'\]\)\{\s+\$\_\=\"b\"\/\*\*\/\.\"ase64\_decode\"\;\s+preg\_replace\(\"\/\^\/e\"\,\$\_\(\".+?\"\)\,0\)\;\s+\}\s+\?>/is,
+    qr/<\?php\s+\$this\->zipname\s+\=\s+\$p\_zipname\;.+?\$archive\s+\=\s+new\s+PclZip\(\"orppxie\.zip\"\)\;.+?else\s+\{\s+die\(\"1425756856\"\)\;\s+\}/is,
 
 );